GDPR

Leave a Nest Co., Ltd. (hereinafter referred to as “Our Company” or “We”) will strictly adhere to the Act on the Protection of Personal Information (hereinafter the “Protection Law”) and the General Data Protection Regulation (hereinafter referred to as “the GDPR”) of the EU and has adopted the following privacy policy (hereinafter “this Policy”) for the handling of personal information collected through websites we operate (including but limited to https://lne.st, https://global.lne.st/, and https://r.lne.st/, hereinafter referred to as “Our Websites”) and every business operation we conduct. This Policy applies to personal information of data subject residing in the EU and the EEA areas. Other personal information processing will be subject to a separate policy. The Japanese version of this Policy may be viewed at  https://lne.st/gdpr_policy/ .

Article 1 (Defined Terms)

1. In this Policy, the following terms contain the meanings stipulated below respectively.

(1) Personal information

As defined by Article 4, Paragraph 1 of the GDPR, any information relating to an identified or identifiable natural person.

(2) Processing (of personal information)

As defined by Article 4, Paragraph 2 of the GDPR, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.

Article 2 (Identity and contact address, etc. of the managing party)

1. Data administrator of the personal information we collect is as follows:

Leave a Nest Co., Ltd.

5F Miyuki-building, Iidabashi 1-4, Shimomiyabi-cho, Shinjuku, Tokyo, 162-0822

2. For comments and questions concerning this Policy and any other enquiries concerning the handling of personal information, please contact the following staff and number:

Personal information handling staff, Leave a Nest Co., Ltd., Manager of

Weekdays 9:00 AM to 5:00 PM

Telephone: 03-5227-4198

Article 3 (Purpose of use of personal information collected and legal grounds)

1. We will collect personal information relevant to our business activities and other activities using lawful and fair methods included but not limited to those listed below.

(1) Information entered into Our Websites through all types of registration including our inquiry form.

(2) Information entered into application forms and other documents including contracts for business activities (including but not limited to LNest Grant, L-RAD, L-nest School, our consultation services for research careers and research themes, Science Castle, Science Castle Grant, and Science Kingdom, hereinafter collectively referred to as “Our Businesses”) conducted or operated by Our Company (including business activities undertaken in cooperation with third parties).

(3) Information entered into, digital data provided via, or when written content entered into Our Websites regarding recruitment activities.

2. Personal information that Our Company collects and the purpose its use as well as the primary legal bases are as stipulated in the following table. With regards to legal bases, other reasons permitted by the GDRP may arise, depending on situations. In addition, when there is a necessity occurred to change the purpose of use of each type of personal information, we will reobtain user consent after explaining the legal basis for the change to the user, except for legally acceptable cases.

Personal information to be collected	Purpose of use	Primary legal basis
User name, e-mail address, phone number, login name and password, address, payment and/or bank account information, social security number, driver’s license, date of birth, photograph and signature, employment history, personal history, affiliation, official position	(1) To collect and compile statistical data for the management and improvement of Our Websites and our research and study. (2) For surveys concerning Our Businesses, data collection, and research and development. (3) To send information about Our Company’s and Our Businesses’ products, services, events, news, and other information. (4) To distribute our e-mail magazine. (5) To provide information, contact, or respond to inquiries concerning Our Company or Our Websites.	A. User consent B. Legitimate interests (service improvement, client management, etc.)
	(6) To deal with violations against Our Businesses’ terms of use or other rules. (7) For recruitment activities of Our Company (including personnel management after employees joining the company)	A. User consent B. To complete procedures requested by users party to contract or soon to conclude a contract. C. Legitimate interests (for managing debts and credits, for personnel management, etc.)
Cookies	(1) To collect and compile statistical data for managing and improving Our Websites and our research and study. (2) For surveys concerning Our Businesses, data collection, and research and development.	A. User consent B. Legitimate interests (service improvement, client management, etc.)

 

Article 4 (Information sharing and disclosure, relocation to a third country)

1. We may disclose personal information to the third parties described below with the condition that personal information security is guaranteed and that all applicable laws are strictly adhered to.

• Group companies of Our Company (“Group Companies”)

This include but are not limited to those listed and updated time to time under “Primary group companies” at the following link.

https://global.lne.st/offices/

You agree that any personal information which you submit via any of our websites can be shared with our Group Companies.

(2) Third parties not included in the preceding paragraph but considered to be those required to disclose relevant information for the execution of the business activities of Our Company.

2. Transfer of personal information to third parties stipulated in the preceding paragraph includes transfers from within the EEA to outside of the EEA. We will only conduct personal information transfers when at least one of the following conditions applies. However, when the said transfer is scheduled, users will be notified of the specific legal basis allowing for said transfer and the name of the destination country involved in the transfer.

(1) Transfers to the countries that the European Commission certifies as adequate in terms of the security standards for protecting personal information (adequacy decision).

(2) Transfer to the party with whom a contract containing standard data protection clauses designated by the European Commission has been concluded.

(3) For other transfers outside of the EEA that meet legal requirements (including but not limited to the exemption clauses set forth by Article 49, Paragraph 1 of the GDPR).

Article 5 (Retention period)

1. We will retain user personal information for the period necessary for the purpose for which it was collected. The “necessary period” set forth in this article will be determined by the conditions listed below.

(1) The user’s contract period ends or the user terminates use of our services.

(2) When the user clearly indicates that our services or other guidance are unnecessary.

(3) When we have determined that the user’s personal information is not relevant for survey or research purposes and does not need to be retained.

(4) For other reasons such as the high confidentiality level of the said personal information, and the possibility that a dispute related to the processing of the said personal information occurs between the user.

Article 6 (Rights of data subjects)

1. In accordance with the GDPR, the user may, at any time, make the following requests to Our Company concerning their own personal information that we possess.

(1) Right to access

Users have the right to request the provision of the content of their own personal information we possess, an explanation of how it will be processed, and a copy of data pertaining to said personal information.

(2) Right to rectification

Users have the right to have incorrect or incomplete information corrected or complemented when their own personal information is determined to be incorrect or incomplete for processing purposes.

(3) Right to Erasure (Right to be Forgotten)

Users have the right to have their personal information deleted. However, for the said information we possess, this is limited to certain situations allowed by the GDPR, such as when there is no legal basis for processing, when the said legal basis has disappeared, when the said information must be deleted in adherence to law, or when the said information was collected in relation to the direct provision of information society services to a minor.

(4) Right to Restriction of Processing

Users have the right to request restriction on the processing of their own personal information. However, this is limited to situations allowed by the GDPR, such as the case where there is a dispute over the accuracy or processing method used on the said personal information and other cases where we no longer require the said information but it is necessary by the user to establish, exercise, or protect their legal rights.

(5) Right to Data Portability

Regarding their own personal information, possessed by Our Company, that was compiled in a commonly-used format, users have the right to request 1. that we submit the said information to the user and 2. that we send the said information to other corporations or similar entities (including direct transmission as far as it is technically possible). However, this is limited to the cases where the said personal information has been accepted as a right by the GDPR, including when the said personal information has been processed based on user consent or when it has been processed by automatic means.

2. Regarding the user’s right to request stipulated in the preceding paragraph, we may refuse it in the case provided below and in accordance with the GDPR and other laws as follows.

(1) When it is determined that user requests are excessive for the reasons such as there is no clear basis for a request or requests have been made repeatedly. However, for such cases, we may comply to user requests in exchange for a reasonable fee.

(2) When the request infringes on the rights and freedoms (including the freedom of expression) of a third party.

(3) When required for public benefit.

(4) When necessary to establish, exercise, or protect legal rights in accordance with the right to deletion or the right to restriction of processing.

(5) In accordance with the right to deletion, when contributing to scientific research, historic research, or compiling statistics.

3. Formal complaints based on the rights stipulated in Paragraph 1 can be made by contacting us at the address listed in Article 2, Paragraph 2 or at the e-mail address listed below.

[email protected]

Article 7 (Right to object to processing)

1. Users have the right to object to the processing of their personal information (including profiling) conducted by us based on the reasons listed below at any time.

(1) When personal information must be processed to serve the public interest.

(2) When processing is required for the legitimate benefit of Our Company or a third party.

2. At any time, users have the right to object to the processing of their personal information for purposes that are initially for direct marketing (including profiling within the range of said marketing).
3. Formal objections based on the rights stipulated in the preceding three paragraphs can be made by contacting us at the address listed in Article 2, Paragraph 2 or at the e-mail address listed in Article 6, Paragraph 3.

Article 8 (Withdrawal of consent)

1. At any time, users can withdraw their consent to processing of personal information conducted by us. However, withdrawal of consent will not affect the legality of processing based on the consent before the withdrawal.
2. Withdrawal of consent based on the preceding paragraph can be exercised by contacting us at the address listed in Article 2, Paragraph 2 or sending a message to the e-mail address listed in Article 6, Paragraph 3.

Article 9 (Mandatory information)

1. When users make use of certain services we offer, it may be mandatory for them to provide information. The types of personal information that are mandatory to use our services will be marked “Required” or with other similar markers on the input form and other forms used to gather the said personal information, so that users can determine which information is mandatory.

Article 10 (Right to lodge a complaint with a supervisory authority)

1. When a user has determined that their personal information had been processed in a way that violated the GDPR, they have the right to lodge a complaint with a supervisory authority at their residence, their employment location, or in the GDPR member nation where the violation took place.

Article 11 (Absence of decision-making based on automated processing that may cause significant effects on users)

1. Our Company will not make decisions based on entirely automated processing using personal information of users in any way that may cause legal repercussions or other similar, significant effects on the said users. However, this does not apply to situations in which measures satisfy the conditions for separate appeal under the GDPR.

Article 12 (Revisions to this Policy)

1. Our Company reserves the right to revise this Policy in whole or in part by our own judgment without user consent. If users use Our Websites after revisions to this Policy have been made, it will be assumed that they agree to the said revision. However, when this Policy undergoes major revisions regarding the content of this Policy, such as changes to handling intent, changes to our identification, or changes relating to methods by which users can exercise their rights in relation to the handling of personal information, users will be informed by a notice posted on Our Websites or other suitable methods.

End of document